Introduction: Difference between revisions

The Allegro Network Multimeter is a real-time network measurement tool to identify network problems, performance bottlenecks, and to measure network quality parameters. It can be used for network trouble shooting, performance measurement, performance monitoring, and other use cases. The device is easy to install and provides a modern web based interface to analyze multiple network traffic parameters from all layers of the network stack.
The Allegro Network Multimeter is a real-time network measurement tool to identify network problems, performance bottlenecks, and to measure network quality parameters. It can be used for network troubleshooting, performance measurement, performance monitoring and other use cases. The appliance is easy to install and provides a modern web-based interface to analyze multiple network traffic parameters from all Layers of the network stack.


The device can be placed inline in gigabit networks, or running on a mirror port of a router. It will measure the following network parameters:
The appliance can be placed inline in gigabit networks, or running on the Mirror Port of a router. It will measure the following network parameters:
* '''Layer 2''' statistics & analysis MAC, QoS, ARP, VLAN, STP, MPLS, LLDP, PPPoE, packet size distribution and Micro burst analysis.
* '''Layer 3''' statistics & analysis Individual IP, QoS, DHCP, DNS, Netbios, ICMP, Multicast and Geolocation.
* '''Layer 4''' statistics & analysis TCP, IPSec, individual connections and L4 server ports.
* '''Layer 7''' statistics & analysis  SSL, HTTP, SIP, RTP, SMB, Profinet, OPC-UA, L7 app. protocols, NTP, PTP and custom response time analysis.
{|class="wikitable"
|[[File:1.png|800px|Introduction|link=https://allegro-packets.com/wiki/File:1.png|alt=|none|thumb]]
|}


* Layer 2 MAC analysis: Througput, assigned IP addresses, communication peers, and more
* Layer 3 IP analysis: Throughput, used IPs, communication peers, connection information, DPI protocols used, Geolocation (country information)
* Layer 7 analysis: passive DNS name resolving, passive DHCP information, DPI protocols


All information are available in realtime including history graphs of the traffic for the complete device, per MAC address, per IP address, or even per protocol. Additionally, graphs can be clicked to zoom into a specific time frame and see measurement results for only that time window.
All information is available in Real-Time including history graphs of the global traffic, traffic per MAC address, per IP address, or even per protocol. Additionally, graphs can be clicked to zoom into a specific timeframe and see measurement results for only that specific time interval.
=== Data processing and storage ===
The Allegro Network Multimeter consists of two different and completely separate types of memory where data is being processed (RAM and Storage), which facilitates different modes of operation.


The device uses only in-memory storage and does not store any network information permanently, allowing to use the device also in restricted areas where no data is allowed to be stored. One exception, if configured, is the packet ring buffer (see Storage). Packets captured to the packet ring buffer are stored permanently until the ring buffer is deleted.
1. Allegro Network Multimeter uniquely utilizes Random Access Memory (RAM) to construct its very fast In-Memory Database. Measurement data and statistics shown throughout the web-interface/dashboard, are stored in, and retrieved from RAM. This allows for the Allegro Network Multimeter to be used in restricted and GDPR/AVG sensitive areas, where it is not allowed to store or remove data. Statistics and data shown in the dashboard will be gone in event of a power cycle.


The Allegro Network Multimeter provides open interfaces to extract all information visible in the web interface for further processing.
2. Allegro Network Multimeter facilitates the use of a so called Packet Ring Buffer. The packet ring buffer (see [[Storage]]) is a HDD/SSD storage device where packet data can be stored "permanently". This allows Allegro Network Multimeter users to retroactively extract packets of interest from the web-interface. In depth analysis of such extracted pcap file can be done either with Allegro's built in Webshark or with Wireshark.


Also, network traffic can be captured in real-time as HTTP downloads, including filtering to selected IPs, protocols, or MAC address.
The use of a packet ring buffer also allows to easily replay network traffic (or parts thereof) that was captured to the storage device. So for instance, an engineer could send out a portable Allegro Network Multimeter to a remote site/customer, have the Allegro Network Multimeter collect network traffic for multiple days and replay & analyze this data afterwards. Packet broker type filters can be set for the In-Memory Database and the packet ring buffer.
===Dynamic memory utilization===
The Allegro Network Multimeter dynamically adjusts its memory usage to the traffic it sees. This means that in smaller networks with few IPs and connections, the analyzer can store historical data longer than in larger networks with far more IP- and connection information.


=== 1.1 Dynamic memory utilization ===
The Network Multimeter will automatically remove old data from memory (FiFo) if the memory usage is above 90%. Under "Info" in the web interface's menu, the "System info" page shows the current usage and, more importantly, for which period of time data is available.


The Allegro Network Multimeter dynamically adjust its memory usage to the traffic it sees. This means that in smaller networks the device can store historical data longer while for larger networks the device stores more IP addresses and related information, but for a shorter amount of time.
A high memory usage is usually not a problem as the device will not remove any measured data unless the limit of 90% is reached. So over time, 90% of the memory will be used. The type of traffic has a great influence on how long data can be accessed.


The Network Multimeter will automatically remove old data from memory if the memory usage is above 90%. At the web interface, the system info page in the info submenu shows the current usage and more importantly for which period of time data is available.
In a situation where the memory usage keeps increasing to 100%, the Analyzer is overloaded. This basically means that for that traffic load or situation, a larger Allegro Network Multimeter is required.


A high memory usage is usually not a problem as the device will not remove any measured data unless the limit of 90% is reached. So over time, 90% of the memory will be used. However, the type of traffic has a direct influence on how long data can be accessed.
By default, all graphs will display recent network traffic with a 1 second resolution. For older traffic the graph resolution will dynamically be lowered e.g. up to 16s. It is possible to adjust the aforementioned graph resolution and reduction values in the settings, to either get more detailed graphs OR a longer period of data & statistics available in the dashboard.
===Name correlation===
The Network Multimeter will display "Name information" whenever available. Different data sources are used for extracting such name information from network devices and their respective IP addresses. Name information is often announced by the device itself (via DHCP or NetBIOS), or as part of the network infrastructure (via DNS or HTTP host names).


If the memory usage keeps increasing to 100%, the system can no longer free memory as all information are too recent to be freed. This basically means that for the current traffic load, a larger Allegro Network Multimeter is required.
All information is gathered during runtime and shown for each IP address to make it possible to identify the actual system parameters.


By default, all graphs show network traffic in one second resolution for recent traffic and reduces the detail level for older traffic. In the Settings it is possible to adjust the graph resolution and reduction values to either get more detailed graphs or longer data storage time.
Depending on the network setup, the same IP can be assigned to different devices over time. The Allegro Network Multimeter will show as much name information as possible even if such information is outdated. This means that it can occur that a name is displayed for an IP address that actually belongs to a different device. This is not really a problem, since new devices (should) announce their name regularly, which will bring the internal name database up to date again.
 
=== 1.2 Name correlation ===
 
The Network Multimeter will presents name information wherever available and uses different data sources for extracting name information for network devices (and their IP addresses). Names are often announced by the devices itself (via DHCP or NetBIOS), or are part of the network infrastructure (via DNS or HTTP host names).
 
All information a gathered during runtime and shown for each IP address to make it possible to identify the actual system behind.
 
Depending on the network setup, the same IP can be assigned to different devices over time. The Allegro Network Multimeter will shown as much name information as possible even if such information is outdated. This means that it can happen that a name is shown for an IP address that actually belonged to a different device. This is usually not a problem since new device should announce their name so that the internal name database will be up to date again.

Latest revision as of 07:50, 20 April 2022

The Allegro Network Multimeter is a real-time network measurement tool to identify network problems, performance bottlenecks, and to measure network quality parameters. It can be used for network troubleshooting, performance measurement, performance monitoring and other use cases. The appliance is easy to install and provides a modern web-based interface to analyze multiple network traffic parameters from all Layers of the network stack.

The appliance can be placed inline in gigabit networks, or run on the mirror port of a router. It measures the following network parameters:

  • Layer 2 statistics & analysis: MAC, QoS, ARP, VLAN, STP, MPLS, LLDP, PPPoE, packet size distribution and micro-burst analysis.
  • Layer 3 statistics & analysis: individual IP, QoS, DHCP, DNS, NetBIOS, ICMP, multicast and geolocation.
  • Layer 4 statistics & analysis: TCP, IPSec, individual connections and L4 server ports.
  • Layer 7 statistics & analysis: SSL, HTTP, SIP, RTP, SMB, Profinet, OPC-UA, L7 app. protocols, NTP, PTP and custom response time analysis.
All information is available in real time, including history graphs of the global traffic and of the traffic per MAC address, per IP address, or even per protocol. Additionally, graphs can be clicked to zoom into a specific timeframe and see measurement results for only that time interval.

Data processing and storage

The Allegro Network Multimeter consists of two different and completely separate types of memory where data is being processed (RAM and Storage), which facilitates different modes of operation.

1. Allegro Network Multimeter uniquely utilizes Random Access Memory (RAM) to construct its very fast In-Memory Database. Measurement data and statistics shown throughout the web interface/dashboard are stored in, and retrieved from, RAM. This allows the Allegro Network Multimeter to be used in restricted and GDPR/AVG sensitive areas, where it is not allowed to store or remove data. Statistics and data shown in the dashboard will be gone in the event of a power cycle.

2. Allegro Network Multimeter facilitates the use of a so-called Packet Ring Buffer. The packet ring buffer (see Storage) is an HDD/SSD storage device where packet data can be stored "permanently". This allows Allegro Network Multimeter users to retroactively extract packets of interest from the web interface. In-depth analysis of such an extracted pcap file can be done either with Allegro's built-in Webshark or with Wireshark.

The use of a packet ring buffer also makes it easy to replay network traffic (or parts thereof) that was captured to the storage device. For instance, an engineer could send a portable Allegro Network Multimeter to a remote site or customer, have it collect network traffic for multiple days, and replay and analyze this data afterwards. Packet broker type filters can be set for the In-Memory Database and the packet ring buffer.

Dynamic memory utilization

The Allegro Network Multimeter dynamically adjusts its memory usage to the traffic it sees. This means that in smaller networks with few IPs and connections, the analyzer can store historical data longer than in larger networks with far more IP and connection information.

The Network Multimeter will automatically remove old data from memory (FIFO) if the memory usage is above 90%. Under "Info" in the web interface's menu, the "System info" page shows the current usage and, more importantly, for which period of time data is available.

A high memory usage is usually not a problem as the device will not remove any measured data unless the limit of 90% is reached. So over time, 90% of the memory will be used. The type of traffic has a great influence on how long data can be accessed.

In a situation where the memory usage keeps increasing to 100%, the Analyzer is overloaded. This basically means that for that traffic load or situation, a larger Allegro Network Multimeter is required.

By default, all graphs display recent network traffic with a 1-second resolution. For older traffic, the graph resolution is dynamically lowered, e.g. up to 16 s. The graph resolution and reduction values can be adjusted in the settings, to get either more detailed graphs or a longer period of data and statistics available in the dashboard.
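The following is an added illustration, not Allegro code: a simplified model of the FIFO eviction at 90% described above, showing why the available history window depends on the traffic. The memory units, the one-record-per-second cost model and the sample traffic profiles are assumptions made for this example.

```python
from collections import deque

EVICT_THRESHOLD = 0.90  # from the page: old data is removed above 90% usage


def retention_window(capacity, costs):
    """Replay per-second memory costs and apply FIFO eviction.

    capacity and costs use abstract memory units (assumed model: each second
    of traffic adds one record whose size grows with the number of active
    IPs and connections). Returns (seconds of history kept, memory usage).
    """
    history = deque()  # (timestamp, cost), oldest record on the left
    used = 0
    for t, cost in enumerate(costs):
        history.append((t, cost))
        used += cost
        # Drop the oldest records until usage is back at or below the limit.
        while history and used > EVICT_THRESHOLD * capacity:
            _, old_cost = history.popleft()
            used -= old_cost
    kept = len(costs) - history[0][0] if history else 0
    return kept, used / capacity


# Constructed traffic profiles (one entry per second).
SMALL_NETWORK = [1] * 5000               # few IPs and connections
LARGE_NETWORK = [10] * 5000              # many IPs and connections
BURST = [1] * 1000 + [9] * 100           # quiet period, then a heavy burst

if __name__ == "__main__":
    for label, costs in (("small", SMALL_NETWORK),
                         ("large", LARGE_NETWORK),
                         ("burst", BURST)):
        kept, usage = retention_window(1000, costs)
        print(f"{label:5s} history={kept:4d}s usage={usage:.0%}")
```

In this model a 100-second burst is enough to push out all of the earlier quiet-period history, which is why the "System info" page is the place to check how far back an investigation can reach before relying on the dashboard data.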

Name correlation

The Network Multimeter will display "Name information" whenever available. Different data sources are used for extracting such name information from network devices and their respective IP addresses. Name information is often announced by the device itself (via DHCP or NetBIOS), or as part of the network infrastructure (via DNS or HTTP host names).

All information is gathered during runtime and shown for each IP address to make it possible to identify the actual system parameters.

Depending on the network setup, the same IP can be assigned to different devices over time. The Allegro Network Multimeter will show as much name information as possible even if such information is outdated. This means that it can occur that a name is displayed for an IP address that actually belongs to a different device. This is not really a problem, since new devices (should) announce their name regularly, which will bring the internal name database up to date again.
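The following is an added illustration, not Allegro code: a small passive name table that reproduces the situation described above, where a name is still shown for an IP address that has moved to another device. The observation format, the sample values and the staleness rule (a name learned from a different MAC address than the one currently using the IP) are assumptions made for this example.

```python
# Constructed observations: (unix_ts, ip, mac, name, source)
OBSERVATIONS = [
    (1000, "10.0.0.23", "aa:aa:aa:00:00:01", "laptop-alice", "DHCP"),
    (1005, "10.0.0.23", "aa:aa:aa:00:00:01", "LAPTOP-ALICE", "NetBIOS"),
    (5000, "10.0.0.23", "bb:bb:bb:00:00:02", None, None),  # new device, no name yet
    (5060, "10.0.0.23", "bb:bb:bb:00:00:02", "printer-2f", "DHCP"),
]


class NameTable:
    def __init__(self):
        self.names = {}        # ip -> {(name, source): (last_seen, mac)}
        self.current_mac = {}  # ip -> MAC address most recently seen using it

    def observe(self, ts, ip, mac, name=None, source=None):
        self.current_mac[ip] = mac
        if name:
            self.names.setdefault(ip, {})[(name, source)] = (ts, mac)

    def lookup(self, ip):
        """Return every known name for ip, newest first, with a stale flag."""
        mac = self.current_mac.get(ip)
        rows = [
            {"name": name, "source": source, "last_seen": seen,
             "stale": seen_mac != mac}
            for (name, source), (seen, seen_mac) in self.names.get(ip, {}).items()
        ]
        return sorted(rows, key=lambda r: r["last_seen"], reverse=True)


def replay(observations, until):
    """Build the table from all observations with a timestamp <= until."""
    table = NameTable()
    for ts, ip, mac, name, source in observations:
        if ts <= until:
            table.observe(ts, ip, mac, name, source)
    return table


if __name__ == "__main__":
    for moment in (5030, 5060):
        print(moment, replay(OBSERVATIONS, moment).lookup("10.0.0.23"))
```

At timestamp 5030 both names shown for the address belong to the previous device; only after the new device announces itself at 5060 does a current name appear, so attribution during that gap should rest on the MAC address rather than the displayed name.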